Kevin

I've wondered what the crossOriginIsolated property is on browsers and why it is only emitted when the properties Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy are set. After diving into it I've come up with what I believe is the reason. But first allow me to give a little context. The internet was taken by storm when two vulnerabilities, Meltdown and Spectre, that affected nearly all devices online suddenly dropped. They are speculation attacks that can allow an attacker to read ...

Static analysis  SonarQube https://www.sonarsource.com/ FOSS ZAP https://github.com/zaproxy/zaproxy Nuclei https://github.com/projectdiscovery/nuclei Nettacker https://github.com/OWASP/Nettacker  Nikto https://github.com/sullo/nikto Arachni https://github.com/Arachni/arachni Wapiti https://github.com/wapiti-scanner/wapiti Threatmapper https://github.com/deepfence/ThreatMapper Fremium Burp https://portswigger.net/burp Caido https://github.com/caido/caido Metasploit https://www.metasploi...

Authorisation Failures Permissions for editing own profile and others' Admins being able to edit/create/delete/privilege escalate to SuperAdmins admin creating superadmin admin self escalating to superadmin admin updating someone to superadmin admin deleting a superadmin admin modifying a superadmin Permissions updating instantly after change Session and other token deactivation after user deletion Code not matching spec/comments Local login: Proper hashing, salting Length checking Ent...